score:1

Accepted answer

you are correct, in aws appsync, to trigger a subscription publish you must trigger a graphql mutation.

but i found out that subscriptions are tied to mutations and thus an update to the database from step functions will not trigger a subscription update on the frontend.

if you update your dynamodb table directly via step functions or via dynamodb streams, then appsync has no way to know the data refreshed. why don't you have your step function use an appsync mutation instead of updating your table directly? that way you can link a subscription to the mutation and have your interested clients get pushed updates when the data is refreshed.

score:1

assuming you are using cognito as your authentication for your appsync application, you could set a lambda trigger on the dynamo table that generates a cognito token, and uses that make an authorized request to your mutation endpoint. note: in your cognito userpool>app clients page, you will need to check the enable username password auth for admin apis for authentication (allow_admin_user_password_auth) box to generate a client secret.

const aws = require('aws-sdk');
const crypto = require('crypto');
var jwt = require('jsonwebtoken');


const secrets = require('./secrets.js');
var cognitoidentityserviceprovider = new aws.cognitoidentityserviceprovider();
var config;





const adminauth = () => new promise((res, rej) => {

        const digest = crypto.createhmac('sha256', config.secrethash)
          .update(config.username + config.clientid)
          .digest('base64');

        var params = {
          authflow: "admin_no_srp_auth",
          clientid: config.clientid, /* required */
          userpoolid: config.userpoolid, /* required */
          authparameters: {
            'username': config.username,
            'password': config.password,
            "secret_hash":digest
          },
        };
        cognitoidentityserviceprovider.admininitiateauth(params, function(err, data) {
          if (err) {
              console.log(err.stack);
              rej(err);
          }
          else {

              data.authenticationresult ? res(data.authenticationresult) : rej("challenge requested, to verify, login to app using admin credentials");
          }
        }); 
});

const decode = auth => new promise( res => {
    const decoded = jwt.decode(auth.accesstoken);
    auth.decoded = decoded
    res(auth);
});


//example gql query

 const testgql = auth =>  {
     const url = config.gqlendpoint;

     const payload  = {
         query: `
           query listmembers {
             listmembers {
               items{
                 firstname
                 lastname
               }
             }
           }
         ` 
     };


     console.log(payload);      
     const options = {
         headers: {
           "authorization": auth.accesstoken
         },
     };

     console.log(options);
     return axios.post(url, payload, options).then(data =>  data.data)
     .catch(e => console.log(e.response.data));
 };






exports.handler = async (event, context, callback) => {
   await secrets() //some promise that returns your keys object (i use secrets manager)
   .then( keys => {
       #keys={clientid:your_cognito_client, 
       #      userpoolid:your_userpool_id,
       #      secrethash:(obtained from cognito>userpool>app clients>app client secret),
       #      gqlendpoint:your_graphql_endpoint,
       #      username:your_cognito_user,
       #      password:your_cognito_user_password,
       #      }

       config = keys
       return adminauth()
   })
   .then(auth => {
       return decode(auth)
   })
   .then(auth => {
       return testgql(auth)
   })
   .then( data => {
       console.log(data)
       callback(null, data)
   })
   .catch( e => {
       callback(e)
   })
};

Related Query

More Query from same tag